Lucene search
+L

24 matches found

SUSE CVE
SUSE CVE
added 2026/07/11 3:22 a.m.6 views

SUSE CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS6.4AI score0.01775EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-58459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device...

9.6CVSS6.4AI score0.01775EPSS
Exploits1References4
Fedora
Fedora
added 2026/04/16 11:42 p.m.8 views

[SECURITY] Fedora 44 Update: kf6-kplotting-6.25.0-1.fc44

KPlotting provides classes to do plotting...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/04/16 11:42 p.m.10 views

[SECURITY] Fedora 44 Update: kf6-kquickcharts-6.25.0-1.fc44

The Quick Charts module provides a set of charts that can be used from QtQuick applications. They are intended to be used for both simple display of data as well as continuous display of high-volume data often referred to as plotters . The charts use a system called distance fields for their...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2025/03/10 12:0 a.m.5 views

PlotAI 命令注入漏洞

PlotAI is an open source plotting assistant for MLJAR. A security vulnerability exists in PlotAI 0.0.6 and earlier versions, which stems from a lack of validation of LLM-generated output and could lead to remote code execution...

9.8CVSS7.5AI score0.00952EPSS
Exploits0References6
NVD
NVD
added 2024/05/05 3:15 a.m.16 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

5.1CVSS6.3AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2024/05/05 3:15 a.m.4 views

DEBIAN-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

5.1CVSS5.7AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2024/05/05 3:15 a.m.10 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

6.5AI score
Exploits0References1
OSV
OSV
added 2024/05/05 3:15 a.m.6 views

UBUNTU-CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/05 12:0 a.m.29 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

6.5AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/05 12:0 a.m.10 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

6.6AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2024/05/05 12:0 a.m.50 views

CVE-2024-34490

CVE-2024-34490 affects Maxima up to 5.47.0 before 51704c. The plotting facilities (e.g., plot2d) use predictable file names under /tmp, allowing a local attacker to pre-create files and influence contents. This is a local-impact condition as described in multiple connected sources (Red Hat, NVD/o...

5.1CVSS6.5AI score0.00182EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/05/05 12:0 a.m.18 views

CVE-2024-34490

In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...

5.1CVSS5.1AI score0.00182EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/04 12:0 a.m.7 views

PT-2024-25940 · Maxima +1 · Maxima +1

Name of the Vulnerable Software and Affected Versions: Maxima versions prior to 5.47.0 before 51704c Description: The plotting facilities in the affected software make use of predictable names under /tmp, allowing a local attacker to control the contents by creating files in advance with these...

5.1CVSS6.3AI score0.00182EPSS
Exploits0References13
Fedora
Fedora
added 2024/03/07 10:33 p.m.27 views

[SECURITY] Fedora 40 Update: rstudio-2023.12.1+402-2.fc40

RStudio is an integrated development environment IDE for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. This package provides common files for rstudio-desktop and rstudio-server...

8.8CVSS7.1AI score0.02578EPSS
Exploits3
0day.today
0day.today
added 2022/12/24 12:0 a.m.404 views

OpenTSDB 2.4.0 Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...

9.8CVSS9.9AI score0.8533EPSS
Exploits5
Kitploit
Kitploit
added 2022/01/14 11:30 a.m.36 views

Raven - Advanced Cyber Threat Map (Simplified, Customizable, Responsive)

Raven - Advanced Cyber Threat Map Simplified, customizable and responsive. It uses D3.js with TOPO JSON, has 247 countries, 100,000 cities, and can be used in an isolated environment without external lookups!. Live - Demo https://qeeqbox.github.io/raven/ Offline - Demo Features Uses D3.js Not...

7.1AI score
Exploits0References2
Veracode
Veracode
added 2021/06/24 1:34 a.m.12 views

Malicious Package

mplatlib is a malicious package. The package is a typosquat of the legitimate Python plotting software matplotlib from PyPI and is designed to infiltrate the PyPI repository that secretly pull in cryptominers on the affected machines...

3.6AI score
Exploits0
Veracode
Veracode
added 2021/06/24 1:33 a.m.10 views

Malicious Package

matplatlibplus is a malicious package. The package is a typosquat of the legitimate Python plotting software matplotlib from PyPI and is designed to infiltrate the PyPI repository that secretly pull in cryptominers on the affected machines...

3.4AI score
Exploits0
Veracode
Veracode
added 2021/06/24 12:54 a.m.11 views

Malicious Package

maratlib is a malicious package. The package is a typosquat of the legitimate Python plotting software matplotlib from PyPI and is designed to infiltrate the PyPI repository that secretly pull in cryptominers on the affected machines...

3.5AI score
Exploits0
Rows per page
Query Builder